[rabbitmq-discuss] Access rights with rabbit_auth_backend_ldap plugin
Simon MacMullen
simon at rabbitmq.com
Fri Oct 21 12:15:32 BST 2011
Ah right, thanks for the feedback.
Cheers, Simon
On 21/10/11 09:04, GEHIN Olivier wrote:
> Hi Simon,
>
> Thank you for your answer.
>
> Today, we have not fully design our LDAP structur.
> However, I could explain more what we try to implement:
> We are developping a service platform, with communication based on rabbitMQ.
> On this platform, we have dynamic users : each user has got this own queue to listen messages and has write access to a common exchange.
> Our problem is the following: we will limit user to have read access only for this own queue.
>
> I think that the solution to use in_group query is not working, because users and queue can be created dynamically, instead rabbit_auth_backend_ldap plugin configuration.
>
> Best regards,
> Olivier
>
> -----Message d'origine-----
> De : rabbitmq-discuss-bounces at lists.rabbitmq.com [mailto:rabbitmq-discuss-bounces at lists.rabbitmq.com] De la part de Simon MacMullen
> Envoyé : jeudi 20 octobre 2011 18:20
> À : rabbitmq-discuss at lists.rabbitmq.com
> Objet : Re: [rabbitmq-discuss] Access rights with rabbit_auth_backend_ldap plugin
>
> Hi Olivier.
>
> At the moment there's no support for regular expressions in the LDAP
> plugin. This might get added in the future though; I'm looking into how
> the existing queries could be enhanced.
>
> At the moment the sort of thing you can do is to use an in_group query
> and have a groupOfNames per object you want to control access to - but
> there's no pattern matching.
>
> If you could describe on or off list how your LDAP database is
> structured and what you're trying to do, that would be a help.
>
> Cheers, Simon
>
> On 20/10/11 14:48, GEHIN Olivier wrote:
>> Hello,
>>
>> I have well configurate the rabbit_auth_backend_ldap plugin with my LDAP
>> directory and the connexion works.
>>
>> Now, I would limit access for a user to write access for a specific
>> exchange and read access for a specific queue.
>>
>> With internal database, we could use regular expression to define access
>> rights for a user.
>>
>> Can we define similar access rights with this plugin?
>>
>> Best regards,
>>
>> Olivier
>>
>> ------------------------------------------------------------------------
>>
>> Ce message et les pièces jointes sont confidentiels et réservés à
>> l'usage exclusif de ses destinataires. Il peut également être protégé
>> par le secret professionnel. Si vous recevez ce message par erreur,
>> merci d'en avertir immédiatement l'expéditeur et de le détruire.
>> L'intégrité du message ne pouvant être assurée sur Internet, la
>> responsabilité du groupe Atos ne pourra être engagée quant au contenu de
>> ce message. Bien que les meilleurs efforts soient faits pour maintenir
>> cette transmission exempte de tout virus, l'expéditeur ne donne aucune
>> garantie à cet égard et sa responsabilité ne saurait être engagée pour
>> tout dommage résultant d'un virus transmis.
>>
>> This e-mail and the documents attached are confidential and intended
>> solely for the addressee; it may also be privileged. If you receive this
>> e-mail in error, please notify the sender immediately and destroy it. As
>> its integrity cannot be secured on the Internet, the Atos group
>> liability cannot be triggered for the message content. Although the
>> sender endeavors to maintain a computer virus-free network, the sender
>> does not warrant that this transmission is virus-free and will not be
>> liable for any damages resulting from any virus transmitted.
>>
>>
>>
>> _______________________________________________
>> rabbitmq-discuss mailing list
>> rabbitmq-discuss at lists.rabbitmq.com
>> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>
>
> --
> Simon MacMullen
> RabbitMQ, VMware
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>
> ________________________________
>
>
> Ce message et les pièces jointes sont confidentiels et réservés à l'usage exclusif de ses destinataires. Il peut également être protégé par le secret professionnel. Si vous recevez ce message par erreur, merci d'en avertir immédiatement l'expéditeur et de le détruire. L'intégrité du message ne pouvant être assurée sur Internet, la responsabilité du groupe Atos ne pourra être engagée quant au contenu de ce message. Bien que les meilleurs efforts soient faits pour maintenir cette transmission exempte de tout virus, l'expéditeur ne donne aucune garantie à cet égard et sa responsabilité ne saurait être engagée pour tout dommage résultant d'un virus transmis.
>
> This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos group liability cannot be triggered for the message content. Although the sender endeavors to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted.
>
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
--
Simon MacMullen
RabbitMQ, VMware
More information about the rabbitmq-discuss
mailing list